From ecd6ebb41caf0641b07dce8bea946a6a5248f9da Mon Sep 17 00:00:00 2001
From: Charles-Henry Vagner
Date: Tue, 14 Nov 2017 16:46:58 +0100
Subject: [PATCH] Automatisation installation et vagrant
---
 vagrant/.gitignore | 1 +
 vagrant/README.md | 20 ++++++
 vagrant/Vagrantfile | 154 +++++++++++++++++++++++++++++++++++++++++
 vagrant/install.sh | 164 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 339 insertions(+)
 create mode 100755 vagrant/.gitignore
 create mode 100644 vagrant/README.md
 create mode 100755 vagrant/Vagrantfile
 create mode 100755 vagrant/install.sh
diff --git a/vagrant/.gitignore b/vagrant/.gitignore
new file mode 100755
index 00000000..8000dd9d
--- /dev/null
+++ b/vagrant/.gitignore
@@ -0,0 +1 @@
+.vagrant
diff --git a/vagrant/README.md b/vagrant/README.md
new file mode 100644
index 00000000..9a04c82e
--- /dev/null
+++ b/vagrant/README.md
@@ -0,0 +1,20 @@
+# Prevarisc - Installation automatisée
+
+**L'installation automatisée** est inspirée de la [documentation officielle](https://sdis62.github.io/prevarisc/docs/installation-dun-serveur-prevarisc/).
+## Dans une machine virtuelle
+Le fichier ```Vagrantfile``` permet de créer rapidement une machine virtuelle [VirtualBox](https://www.virtualbox.org) munie de prevarisc via [Vagrant](https://www.vagrantup.com/downloads.html). Pour tester :
+
+cd vagrant && vagrant up
+
+
+Accès après l'installation : http://localhost:8001
+
+## Sur un serveur
+Pour installer rapidement un serveur prevarisc, on réalise l'équivalent de ce qui est réalisé par Vagrant. A savoir :
+
+1. Partir d'un serveur Debian 7X vierge
+2. Déposer le script d'installation ```install.sh```
+2. Redéfinir les variables d'environnement ```PREVARISC_*``` présentes dans le fichier Vagrantfile (mots de passe, nom du serveur, clé IGN, lien vers le package prevarisc, etc.)
+3. Exécuter ```install.sh```
+
+Accès après l'installation : http://prevarisc.sdisxx.fr
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile
new file mode 100755
index 00000000..faf08369
--- /dev/null
+++ b/vagrant/Vagrantfile
@@ -0,0 +1,154 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+ # All Vagrant configuration is done here. The most common configuration
+ # options are documented and commented below. For a complete reference,
+ # please see the online documentation at vagrantup.com.
+
+ # Every Vagrant virtual environment requires a box to build off of.
+ config.vm.box = "driebit/debian-7-x86_64"
+ config.vm.host_name = "prevarisc"
+
+ # The url from where the 'config.vm.box' box will be fetched if it
+ # doesn't already exist on the user's system.
+ # config.vm.box_url = "http://domain.com/path/to/above.box"
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ # config.vm.network :forwarded_port, guest: 80, host: 8080
+ config.vm.network :forwarded_port, guest: 80, host: 8001
+ config.vm.network :forwarded_port, guest: 3306, host: 3307
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ # config.vm.network :private_network, ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network :public_network
+
+ # If true, then any SSH connections made will enable agent forwarding.
+ # Default value: false
+ # config.ssh.forward_agent = true
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ config.vm.synced_folder "~/.vagrant.d/cache/apt", "/var/cache/apt/archives", create: true
+ config.vm.synced_folder "../", "/vagrant", :owner => 'root', create: true
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ config.vm.provider :virtualbox do |vb|
+ vb.name = "prevarisc"
+ # Don't boot with headless mode
+ #vb.gui = true
+ vb.memory = 1024
+ # # Use VBoxManage to customize the VM. For example to change memory:
+ #vb.customize ["modifyvm", :id, "--memory", "1024"]
+ end
+
+ # View the documentation for the provider you're using for more
+ # information on available options.
+
+ # Enable provisioning with Puppet stand alone. Puppet manifests
+ # are contained in a directory path relative to this Vagrantfile.
+ # You will need to create the manifests directory and a manifest in
+ # the file base.pp in the manifests_path directory.
+ #
+ # An example Puppet manifest to provision the message of the day:
+ #
+ # # group { "puppet":
+ # # ensure => "present",
+ # # }
+ # #
+ # # File { owner => 0, group => 0, mode => 0644 }
+ # #
+ # # file { '/etc/motd':
+ # # content => "Welcome to your Vagrant-built virtual machine!
+ # # Managed by Puppet.\n"
+ # # }
+ #
+ # config.vm.provision :puppet do |puppet|
+ # puppet.manifests_path = "manifests"
+ # puppet.manifest_file = "site.pp"
+ # end
+
+ # Enable provisioning with chef solo, specifying a cookbooks path, roles
+ # path, and data_bags path (all relative to this Vagrantfile), and adding
+ # some recipes and/or roles.
+ #
+ # config.vm.provision :chef_solo do |chef|
+ # chef.cookbooks_path = "../my-recipes/cookbooks"
+ # chef.roles_path = "../my-recipes/roles"
+ # chef.data_bags_path = "../my-recipes/data_bags"
+ # chef.add_recipe "mysql"
+ # chef.add_role "web"
+ #
+ # # You may also specify custom JSON attributes:
+ # chef.json = { :mysql_password => "foo" }
+ # end
+
+ # Enable provisioning with chef server, specifying the chef server URL,
+ # and the path to the validation key (relative to this Vagrantfile).
+ #
+ # The Opscode Platform uses HTTPS. Substitute your organization for
+ # ORGNAME in the URL and validation key.
+ #
+ # If you have your own Chef Server, use the appropriate URL, which may be
+ # HTTP instead of HTTPS depending on your configuration. Also change the
+ # validation key to validation.pem.
+ #
+ # config.vm.provision :chef_client do |chef|
+ # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
+ # chef.validation_key_path = "ORGNAME-validator.pem"
+ # end
+ #
+ # If you're using the Opscode platform, your validator client is
+ # ORGNAME-validator, replacing ORGNAME with your organization name.
+ #
+ # If you have your own Chef Server, the default validation client name is
+ # chef-validator, unless you changed the configuration.
+ #
+ # chef.validation_client_name = "ORGNAME-validator"
+
+ # Définition des paramètres (une fois)
+ config.vm.provision "shell", inline: <<-SHELL
+cat ~/.bashrc | grep PREVARISC_SERVERNAME
+if [ $? -eq 0 ]; then
+ # Variables déjà dans le profil, on ne va pas plus loin
+ echo "root : pas d'ajout des variables dans le profil (déjà présentes)"
+ exit 0
+fi
+# Ajout des variables dans le profil
+echo "root : ajout des variables dans le profil"
+cat << 'EOF' >> /root/.bashrc
+
+# Variable PREVARISC*
+export PREVARISC_DB_PASSWORD=root
+export PREVARISC_APPROOTPASSWORD=root
+export PREVARISC_SERVERNAME=prevarisc
+export PREVARISC_PLUGIN_IGNKEY=liw0dyatvqxves9doctvc01f
+export PREVARISC_SECURITY_SALT=`date | md5sum | awk '{ print $1 }'`
+export PREVARISC_ZIP_BRANCH=https://github.com/cvagner/prevarisc/archive/2.x.zip
+export PREVARISC_APPROOTPASSWORD=root
+
+
+EOF
+. /root/.bashrc
+SHELL
+
+ config.vm.provision "shell", path: "install.sh"
+
+end
diff --git a/vagrant/install.sh b/vagrant/install.sh
new file mode 100755
index 00000000..93b87865
--- /dev/null
+++ b/vagrant/install.sh
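Review bot: The `export PREVARISC_PLUGIN_IGNKEY=…` line in the provisioning heredoc commits what looks like a real IGN API key; it would be better read from the host environment (for example `#{ENV.fetch('PREVARISC_PLUGIN_IGNKEY', 'A_RENSEIGNER')}` interpolated into the script) and the published value treated as exposed and rotated. Because the inner heredoc is quoted (`<< 'EOF'`), the backtick expression for `PREVARISC_SECURITY_SALT` is written into `/root/.bashrc` literally and re-evaluated every time that file is sourced, so the salt changes between shells; compute it once, and from `/dev/urandom` rather than `date`, before appending it. `config.vm.network :forwarded_port, guest: 3306, host: 3307` publishes the guest's MySQL on the host while the root password is `root`; Vagrant's documentation says a forwarded port is bound on every host interface unless `host_ip` is given, so `host_ip: "127.0.0.1"` on both forwards would keep the VM off the LAN. `PREVARISC_APPROOTPASSWORD` is also exported twice in the same block.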
@@ -0,0 +1,164 @@
+# ------------------------------
+# - INSTALLATION DE PREVARISC
+# ------------------------------
+
+echo && echo "Installation prevarisc"
+
+# Execution en root
+if ( ! (whoami | grep root > /dev/null) ); then
+ echo && echo "not root : sudo su"
+ sudo su
+fi
+
+# Assignation de valeurs par défaut si nécessaire
+export PREVARISC_DB_PASSWORD=${PREVARISC_DB_PASSWORD:=root}
+export PREVARISC_APPROOTPASSWORD=${PREVARISC_APPROOTPASSWORD:=root}
+export PREVARISC_SERVERNAME=${PREVARISC_SERVERNAME:=prevarisc}
+export PREVARISC_PLUGIN_IGNKEY=${PREVARISC_PLUGIN_IGNKEY:=A_RENSEIGNER}
+export PREVARISC_SECURITY_SALT=${PREVARISC_SECURITY_SALT:=`date | md5sum | awk '{ print $1 }'`}
+export PREVARISC_ZIP_BRANCH=${PREVARISC_ZIP_BRANCH:=https://github.com/SDIS62/prevarisc/archive/2.x.zip}
+
+if [ $PREVARISC_PLUGIN_IGNKEY = "A_RENSEIGNER" ]; then
+ echo && echo "WARNING : PREVARISC_PLUGIN_IGNKEY dans /etc/apache2/sites-available/prevarisc"
+fi
+
+
+# ------------------------------
+# - Prérequis
+# ----------
+
+echo && echo "Mise à jour des paquets"
+aptitude -y update
+aptitude -y upgrade
+
+echo && echo "Configuration et installation des nouveaux paquets"
+
+# Définir le mot de passe root MySQL
+echo "mysql-server mysql-server/root_password password ${PREVARISC_DB_PASSWORD}" | debconf-set-selections
+echo "mysql-server mysql-server/root_password_again password ${PREVARISC_DB_PASSWORD}" | debconf-set-selections
+
+# Installer les dépendances
+apt-get -y install mysql-server mysql-workbench apache2 php5 php5-gd php5-ldap php5-mysql php-apc curl git p7zip-full
+
+
+# ------------------------------
+# - Serveur web
+# ----------
+
+echo && echo "Coniguration du serveur apache"
+
+a2enmod rewrite
+a2enmod expires
+a2enmod include
+
+mkdir -p /var/www/prevarisc/public
+envsubst << "EOF" > /etc/apache2/sites-available/prevarisc
+
+
+ ServerName ${PREVARISC_SERVERNAME}
+ DocumentRoot /var/www/prevarisc/public
+
+ #SetEnv [CLE DE CONFIGURATION] [VALEUR]
+ #SetEnv PREVARISC_APPLICATION_PATH /var/www/prevarisc/application
+
+ SetEnv PREVARISC_BRANCH 2.x
+ #SetEnv PREVARISC_REVISION
+
+ SetEnv PREVARISC_DB_ADAPTER Pdo_Mysql
+ SetEnv PREVARISC_DB_CHARSET utf8
+ SetEnv PREVARISC_DB_HOST localhost
+ Setenv PREVARISC_DB_USERNAME root
+ SetEnv PREVARISC_DB_PASSWORD ${PREVARISC_DB_PASSWORD}
+ SetEnv PREVARISC_DB_DBNAME prevarisc
+ SetEnv PREVARISC_CACHE_LIFETIME 3600
+ # Clé pour le nom "prevarisc"
+ SetEnv PREVARISC_PLUGIN_IGNKEY ${PREVARISC_PLUGIN_IGNKEY}
+ # Clé de sécurité pour la hashage des mots de passe
+ SetEnv PREVARISC_SECURITY_SALT ${PREVARISC_SECURITY_SALT}
+
+
+ DirectoryIndex index.php
+ AllowOverride all
+ Order allow,deny
+ Allow from all
+
+
+ RewriteEngine off
+
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} -s [OR]
+ RewriteCond %{REQUEST_FILENAME} -l [OR]
+ RewriteCond %{REQUEST_FILENAME} -d
+ RewriteRule ^.*$ - [NC,L]
+ RewriteRule ^.*$ /index.php [NC,L]
+
+
+
+EOF
+
+# (Dés)activation des sites Apache
+a2dissite default
+a2ensite prevarisc
+
+/etc/init.d/apache2 restart
+
+
+# ------------------------------
+# - Application Prevarisc
+# ----------
+
+echo && echo "Installation de l'application prevarisc"
+
+cd /var/www
+echo "Téléchargement sources..." && wget -q ${PREVARISC_ZIP_BRANCH} --output-document=prevarisc.zip
+7z x prevarisc.zip -oprevarisctmp
+mv -f prevarisctmp/`ls prevarisctmp`/* prevarisc/
+rm -rf prevarisctmp
+rm -f prevarisc.zip
+
+chmod 755 prevarisc
+cd prevarisc
+curl https://getcomposer.org/installer | php
+
+# Si besoin : augmenter le timeout dans /var/www/prevarisc/composer.json :
+#nano /var/www/prevarisc/composer.json
+#"config": {
+# "process-timeout" : 1000
+#},
+
+#php composer.phar install --prefer-source
+php composer.phar install --prefer-dist
+chown -R www-data:www-data *
+chmod -R 555 *
+chmod -R 755 public/
+
+
+# ------------------------------
+# - Base de données
+# ----------
+
+echo && echo "Création de la base de données"
+
+mysql -hlocalhost -uroot -p${PREVARISC_DB_PASSWORD} < /var/www/prevarisc/sql/init/prevarisc.sql
+
+# Ajout des droits à l'utilisateur root :
+cat << "EOF" > /root/acces.sql
+begin;
+insert into groupe(LIBELLE_GROUPE, DESC_GROUPE) values ('Tous les droits', 'Tous les droits');
+insert into `groupe-privileges`(ID_GROUPE, id_privilege) SELECT (select ID_GROUPE from groupe where libelle_groupe='Tous les droits'), id_privilege FROM privileges;
+update utilisateur set ID_GROUPE=(select ID_GROUPE from groupe where libelle_groupe='Tous les droits') where USERNAME_UTILISATEUR = 'root';
+commit;
+EOF
+
+mysql -hlocalhost -uroot -p${PREVARISC_DB_PASSWORD} prevarisc < /root/acces.sql
+
+# Définition du mot de passe de l'utilisateur applicatif root
+mysql -uroot -p${PREVARISC_DB_PASSWORD} prevarisc --execute="update utilisateur set PASSWD_UTILISATEUR = md5(CONCAT(USERNAME_UTILISATEUR, '${PREVARISC_SECURITY_SALT}', '${PREVARISC_APPROOTPASSWORD}')) where USERNAME_UTILISATEUR = 'root';"
+
+
+# ------------------------------
+# - Redémarrage Apache final
+# ----------
+
+service apache2 restart
+
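Review bot: `curl https://getcomposer.org/installer | php` executes whatever the download returns, as root and with no integrity check, and the archive fetched from `${PREVARISC_ZIP_BRANCH}` just before it is a mutable branch zip that is not verified either; since the README offers this script for real servers, the installer should at least be checked against the SHA-384 that Composer publishes (sketch below) and the application archive pinned to a tag or commit. The root test at the top does not elevate anything: `sudo su` opens an interactive shell and the script then carries on as the original user, so `[ "$(id -u)" -eq 0 ] || { echo "root requis" >&2; exit 1; }` would be safer. The vhost gives the application the MySQL `root` account (`Setenv PREVARISC_DB_USERNAME root`) and the password is passed as `-p${PREVARISC_DB_PASSWORD}` on the command line; a dedicated account limited to the `prevarisc` schema would contain an application compromise. There is also no `set -e`, so a failed download does not stop the later steps.

```shell
# … unchanged: chmod 755 prevarisc; cd prevarisc …
# Verify the Composer installer before running it. Pinning a known checksum
# in the repository is stronger than fetching it at install time.
expected="$(wget -q -O - https://composer.github.io/installer.sig)"
wget -q -O composer-setup.php https://getcomposer.org/installer
actual="$(sha384sum composer-setup.php | awk '{ print $1 }')"
if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    echo "ERREUR : empreinte de l'installeur Composer invalide" >&2
    rm -f composer-setup.php
    exit 1
fi
php composer-setup.php
rm -f composer-setup.php
# … unchanged: php composer.phar install --prefer-dist …
```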